Documentation index

Privacy & cookie policy generator ›

Privacy policy for apps that include account registration


Since the release of iOS 8, Apple has implenented many more reasons to reject your app application. In this post, we’ll go over the reason termed “user registration”.

Article 17.5 of Apple’s App Store Review Guidelines provides grounds for rejection that have existed for some time. The article reads as follows:

17.5 Apps that include account registration or access a user’s existing account must include a privacy policy or they will be rejected

Update as of iOS 11: Apple has deleted that section, but there’s a small text section that maintains the same thing.

Apps that collect user or usage data must have a privacy policy and secure user consent for the collection. This includes—but isn’t limited to—apps that implement HealthKit or other health/medical technologies, apps that utilize ARKit, Camera APIs, Photo APIs, or other software for depth of facial mapping information, HomeKit, Keyboard extensions, Apple Pay, Stickers and iMessage extensions, include a login, or access user data from the device.

iubenda makes solving this issue easy. Adding an account registration clause to your privacy policy simply involces selecting “direct registration” from the add services list.

account_registration_apple_store_rejection

As a second and last step, you’ll be asked to customize this service and imput the type of data that your application collects.

direct_registration_customize

After completing the “add services” step you must retrieve the link to your privacy policy (or one of the other embedding options for that matter).

About third party account systems

If you have a login system in place that uses Facebook or Twitter you can dislcose so with our built in extensions as well.

Direct registration plus Facebook

  • + Facebook: If your users are able to log in with their Facebook account you must disclose that with the “Access to the Facebook account” service;
  • + You’ll also want to disclose that you make them log in via the “Facebook Authentication” service.

Other third parties

If you use Twitter or other auth (=OAuth) services for user management, then add the respective service while keeping the “Direct registration” in place.

Generate your privacy policy with iubenda


Still have questions?

Visit our support forum Email us